Getting Comfortable With The Basics

Security

1 2 3 7

Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised

Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised – By Cameron Summerson, www.howtogeek.com

Maxim Apryatin/Shutterstock.comPhoto by: Maxim Apryatin/Shutterstock.com

Good morning! A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history. Here’s how to make sure your information is still safe.

The 15-minute Chromebook tune-up

The 15-minute Chromebook tune-up – By Jr Raphael, www.computerworld.com

As far as computers go, Chromebooks are almost shockingly low-maintenance. Google's Chrome OS operating system updates itself silently and automatically — as do most of the core apps associated with the platform — and it doesn't get gunked up and slowed down over time, as traditional operating systems tend to do. There's no antivirus software to fret over, either, and little in the way of complicated settings or compatibility concerns. 


New Flag Enables Powerful Feature For Chromebook Files App – By Robby Payne, chromeunboxed.com

If you are a user who’s made the transition to Chromebooks from a more standard OS like Mac OS or Windows, file management could be a little different for you.


9 Most Useful Chrome Browser Extensions – By Natasha Stokes, www.techlicious.com

Using Chrome? One of the greatest features of Google’s nimble, speedy browser is the sheer volume of free extensions available from the Chrome store. These extensions are essentially software add-ons that enhance the browser’s performance, tacking on extra capabilities to what you can do within its confines.

Want stronger passwords? Understand these 4 common password security myths

Want stronger passwords? Understand these 4 common password security myths – By Fahmida Y. Rashid, www.csoonline.com

Talking about password security is a guaranteed crowd-snoozer, a surefire way to make people shut down and tune out, but the reality is that passwords are still important. Email or social media, online banking or gaming, educational applications or online services—anything that keeps some kind of user data still depends on passwords to keep miscreants out. Attackers will continue merrily looting bank accounts and taking over online services if users don’t step up and use better passwords.

YubiKey 5 NFC security key review

YubiKey 5 NFC security key review – By Liz Rodriguez, the-gadgeteer.com

REVIEW – In a previous YubiKey review, I mentioned how we now live in a world where many websites are being compromised. Along with mobile authenticator apps available, using a hardware device such as the YubiKey is great for extra login security. I had the opportunity to take a look at the newest of Yubico’s hardware keys; the YubiKey 5 NFC. Let’s take a look!

 

Google’s Public DNS works with Android 9 Pie

Google's Public DNS now works with Android 9 Pie – By Corbin Davenport, www.androidpolice.com

A Domain Name System, or DNS for short, is the component of your network connection that looks up the server IPs after you enter a domain name (e.g. androidpolice.com). Most people use the default DNS services from their ISPs/carriers, but alternatives have existed for years, like Google Public DNS. Google announced today that its DNS service finally supports DNS-over-TLS, meaning it can be set as the system-wide DNS provider on Android 9 Pie. 


Configure your network settings to use Google Public DNS by developers.google.com

When you use Google Public DNS, you are changing your DNS "switchboard" operator from your ISP to Google Public DNS.

How Safe is Mint.com?

How Safe is Mint.com? – By Curtis Hearn, smartmoneynation.com

A few weeks ago, Equifax, one of the world’s largest repository of personal financial information, announced it had been hacked. Over 140 million consumers’ personal data was stolen, including credit card numbers for some of those affected.

ProtonMail – Import emails from Gmail, Yahoo

ProtonMail now lets you import emails in bulk from Gmail, Yahoo, and others – By Paul Sawers, venturebeat.com

Encrypted email startup ProtonMail is making it easier for users to import their emails from other providers, in a move that could help stoke use of ProtonMail’s service. Additionally, the company will also enable users to backup their emails locally by exporting them to their hard drive.

SMS or authenticator app two-factor

SMS or authenticator app – which is better for two-factor authentication? – By Maria Varmazis, nakedsecurity.sophos.com

In the comments of one of our recent two-factor authentication (2FA) articles, we received a question about whether it was better to use an SMS (text message) code as your second factor of authentication or to use a dedicated authenticator app to generate the code.


Sneaky phishing campaign beats two-factor authentication – By John E Dunn, nakedsecurity.sophos.com

Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure.


This is the future of authentication, according to security experts – By Abhimanyu Ghoshal, thenextweb.com

Passwords may not have been much of an annoyance back in the 1960s, when they were first believed to have been introduced to the world of computing. But as we’ve increasingly adopted a wide range of personal gadgets and online services, they’ve become a pain to manage, and a point of vulnerability that hackers can exploit when conditions are in their favor.

How to lock your online accounts with a security key

Primer: How to lock your online accounts with a security key – By Seth Rosenblatt, the-parallax.com

A tiny slab of circuitry can lock down your online accounts against some of the most determined attacks—unless your sites, your browser, or your own inertia get in the way. 


Things You Should Know Before Enabling Two-Factor Authentication – By Nitin Sharma, medium.freecodecamp.org

With Cybersecurity becoming a big concern, two-factor authentication (2FA) is a topic that is becoming hotter with each passing day.

After all, who doesn’t want to keep their private data safe? Two-factor authentication may not be a bulletproof solution but is one of the easiest and best ways to shore up your virtual security.

Google Drive’s New Backup Feature Reminded Me I Have No Backup Plan

Google Drive's New Backup Feature Reminded Me I Have No Backup Plan – By Patrick Lucas Austin, lifehacker.com

If you don’t have an offsite cloud storage plan (and you really should), Google’s newest update to its cloud storage service Google Drive is ready to fix your gaping data backup hole by letting you pick which folders on your device you’d like to back up to Google Drive instead of forcing you to put the files into a single Google Drive folder. It’s called Backup & Sync.

Google Smart Lock: The complete guide

Google Smart Lock: The complete guide – By Jr Raphael, www.computerworld.com

Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.

How to Avoid Fingerprint Scams in Apps

How to Avoid Fingerprint Scams in Apps – By David Murphy, lifehacker.com

It’s great when an app allows you to add extra security—a fingerprint scan or a depth map of your face, for example—to access its contents. In case someone ever gets their hands on your unlocked device (or figures out your PIN), it’ll be trickier for them to access critical apps, like your banking apps, if they don’t have your finger or face nearby. 

U2F Explained

U2F Explained: How Google and Other Companies Are Creating a Universal Security Token – By Chris Hoffman, www.howtogeek.com

U2F is a new standard for universal two-factor authentication tokens. These tokens can use USB, NFC, or Bluetooth to provide two-factor authentication across a variety of services. It’s already supported in Chrome for Google, Dropbox, and GitHub accounts. Microsoft is working on implementing it in Edge.

Top 5 ways to pick a secure password

Top 5 ways to pick a secure password By Tom Merritt, www.techrepublic.com

Oh, passwords. Someday the FIDO alliance or somebody will save us from them. Until that heady day, we still need them and we need to choose ones that are really hard to guess. Even if you have two-factor authentication turned on—which you should—secure passwords are still a good idea. Fire up your Horse Battery Staple, here are five things to know to pick a good password.


How Password Constraints Give You a False Sense of Security By David Murphy, lifehacker.com

The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure. 

Microsoft Accounts Now Support Passwordless Login via FIDO 2 Security Keys

Microsoft Accounts Now Support Passwordless Login via FIDO 2 Security Keys By Lucian Armasu, www.tomshardware.com

Microsoft and Yubico announced today that all Microsoft account owners using the latest Windows 10 version (build 1089) and the Edge browser will be able to log in to their accounts using nothing but a FIDO2/WebAuthn-enabled security key like Yubikey 5.

– Major SMS security lapse is a reminder to use authenticator apps instead

Major SMS security lapse is a reminder to use authenticator apps instead By Jon Porter, www.theverge.com

A recent data breach has exposed a database of around 26 million text messages containing private customer information, reports TechCrunch. In addition to the privacy concerns, the breach also highlights the dangers of relying on SMS messages for receiving two-factor authentication codes or account reset links, which sees sensitive information sent over an unencrypted communications platform.

Google Brings Enhanced Network Features to Project Fi

Google Brings Enhanced Network Features to Project Fi By Paul Thurrott, www.thurrott.com

Google announced today that it is introducing enhanced networking functionality to its Project Fi wireless network. Among the changes are improvements to the Project Fi VPN and a faster, more seamless way to intelligently switch between Wi-Fi and cellular networks.

Privacy.com: Protect Your Bank Accounts

Privacy.com: Protect Your Bank Accounts By Justin, operational-security.com

It is no secret that I am a major fan of Blur, the privacy service that allows you to mask your email address and phone number. One of my favorite features of Blur is credit card masking – the ability to create one-time-use credit card numbers that are billed to your real credit card. A new service has come along that allows you to create one-time use credit card numbers. The service is a little bit different than Blur, and has some advantages and disadvantages. It is called Privacy.com.

– Why You Should Start Using Two-Factor Authentication Now

Why You Should Start Using Two-Factor Authentication Now By Cristina Chipurici, heimdalsecurity.com

Imagine waking up on a splendid spring day, opening your laptop and realising that you can’t access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions.

In a nutshell, this is what I experienced almost 6 years ago. 


Two-factor authentication is a mess By Garret Beard, Russell Brandom, www.theverge.com

For years, two-factor authentication has been the most important advice in personal cybersecurity — one that consumer tech companies were surprisingly slow to recognize. The movement seemed to coalesce in 2012, after journalist Mat Honan saw hackers compromise his Twitter, Amazon, and iCloud accounts, an incident he later detailed in Wired. At the time, few companies offered easy forms of two-factor, leaving limited options for users worried about a Honan-style hack. The result was a massive public campaign that demanded companies to adopt the feature, presenting two-factor as a simple, effective way to block account takeovers. 


Beyond Passwords: 2FA, U2F and Google Advanced Protection by www.troyhunt.com

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly. 


Two Factor Auth (2FA) List – List of websites and whether or not they support 2FA.

Why you should use a password manage

Why you should use a password manager By Jack Wallen, www.techrepublic.com

Your password is weak. Is it your birthday? The birthday of your kids? Your anniversary? Or is it password123? Consider this: It only takes 14.17 minutes to crack a nine-digit password (such as 123456789) that consists of the numbers 1-9. Using a botnet or supercomputer, that same password can be cracked in .0085 seconds. So that weak-sauced password you use for every account you have can be hacked pretty easily.

What is phishing?

What is phishing? How this cyber attack works and how to prevent it By Josh Fruhlinger, www.csoonline.com

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.


Phishing Is the Internet’s Most Successful Con By Quinn Norton, www.theatlantic.com

In the classic 1973 heist movie The Sting, two con men—played by Robert Redford and Paul Newman—build a fictitious world in a Depression-era Chicago basement to defraud a corrupt banker. They make an offtrack-betting room, hire actors to ensure the scene is convincing, and even enlist pretend law enforcement to fake-bust their mark. The film is memorable because it is one of the finest movies in the genre, well written and funny, but also because the duo’s work is so meticulously detailed.

SIM Swappers and SIM Swap Myths

Busting SIM Swappers and SIM Swap Myths by krebsonsecurity.com

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. 

– How to spot a phishing email

How to spot a phishing email By Andrew Burton, www.carbonite.com

Phishing and other social engineering attacks are only increasing in frequency, and unfortunately, sophistication. However, there are a number of common indicators of a phishing attack. Knowing what to look for goes a long way to protect yourself against attacks. If you spot any of the following tip-offs, proceed with caution.

Secure Your Accounts and Passwords With a Hardware Token

Secure Your Accounts and Passwords With a Hardware Token By David Murphy, lifehacker.com

Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan. They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you—on your keyring, for example—you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from other attackers.

-Common Types of Two-Factor Authentication

A Guide to Common Types of Two-Factor Authentication on the Web By Jacob Hoffman-andrews, www.eff.org

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it's becoming much more common across the web. With often just a few clicks in a given account's settings, 2FA adds an extra layer of security to your online accounts on top of your password.


The Different Forms of Two-Factor Authentication: SMS, Autheticator Apps, and More By Chris Hoffman, www.howtogeek.com

Many online services offer two-factor authentication, which enhances security by requiring more than just your password to sign in. There are many different types of additional authentication methods you can use.

Two-Factor Authentication: Who Has It and How to Set It Up

Two-Factor Authentication: Who Has It and How to Set It Up By Eric Griffith, www.pcmag.com

In 2014, the Heartbleed exploit left everyone's login information potentially up for grabs thanks to one itty-bitty piece of code, and in the past few years, our security nightmares have only gotten worse. In fact, more data was leaked in the first half of 2017 than in all of 2016 combined.

Use Your Password Manager for Security Answers, Too

Use Your Password Manager for Security Answers, Too By David Murphy, lifehacker.com

It’s been a while since I’ve had to type in some stupid answer to a made-up question when creating an account on a new service. You know what I’m talking about: Forget your password, and you can regain access to your account by typing in the name of your first pet (Mr. Mrglglrm), your favorite sports team (Saskatoon Sirens), or the street you grew up on (Third Street).

1 2 3 7
Tech News by Topic